[关键词]
[摘要]
数据删重技术在云存储系统中得到了广泛的应用.如何在保证数据隐私的前提下,在半可信的云存储系统中实现高效的数据删重,是云计算安全领域的研究热点问题.现有方案在数据标识管理和用户数量统计方面普遍依赖于在线的可信第三方,执行效率有待提高,且容易造成系统瓶颈.提出了一种可验证的数据删重方法,无需可信第三方在线参与.基于双线性映射构造双文件标识方案进行流行度查询,确保标识不泄露数据的任何明文信息.采用改进的群签名方案,使用户可验证服务器返回的流行度标识,有效地防止云服务器伪造数据流行度的查询结果.设计了多层加密方案,可以根据数据的流行度,采用不同的加密方式.分析并证明了方案的安全性和正确性.通过仿真实验,验证了方案的可行性和高效性.
[Key word]
[Abstract]
Data deduplication technology has been widely applied in cloud storage systems. Under the premise of ensuring data privacy, how to effectively perform deduplication in semi-trusted cloud storage environments becomes one of the primary issues in cloud computing security. Current schemes rely heavily on online trusted third parties to manage data labels and to keep track of the number of users. The trusted third party plays such a vital role in those schemes that it is indispensable even at the cost of unsatisfying efficiency and potential bottleneck. A verifiable secure data deduplication scheme in cloud storage is proposed, which doesnot require any online trusted third party. The dual-tag scheme based on bilinear mapping is adopted to conduct popularity check. The tag is used to retrieve files without leaking any exploitable information. A modified group signature scheme is designed to prevent the cloud server from forging popularity query results. Users can verify the authenticity of query results from the cloud server. The multi-layered cryptosystem is adopted in the proposed scheme, in which different encryption strategies are applied according to the popularity of specific data. The correctness and security of the proposed scheme are analyzed and proved. Simulation results show that the proposed scheme is secure and efficient.
[中图分类号]
TP309
[基金项目]
国家自然科学基金(61303197);综合业务网理论及关键技术国家重点实验室开放课题(ISN19-14);赛尔网络下一代互联网创新项目(NGII20170414)